Audit Status - Logon auditing is disabled

ALE is showing an audit status of "Logon auditing is disabled, some functionality will be unavailable for this DC. Please turn on auditing of invalid logons in audit policy settings for this DC.". This has been working properly for quite some time. I suspect it has something to do with installing a trial of Netwrix Auditor. That product is showing when an account gets locked out, but ALE is not.

This might have to do with Advanced Audit Policy settings vs Basic ones. ALE is checking Basic settings while Netwrix Auditor by default configures Advanced: https://helpcenter.n.../AD_Manual.html

The best way to check if auditing is configured on the DC is running an elevated command prompt and executing the following command: auditpol /get /category:*

Note that your DC must be 2008 or newer to run this command.

However I still find it strange that ALE has stopped showing lockouts since it shouldn't really matter which policies are configured - the most important thing is that events are logged. Please check if Security Event logs on your DCs are logging the following event ids: https://www.netwrix.com/kb/1348

If you are confident that auditing is properly configued on your DCs (and your auditpol looks correct), you can disable audit checks in ALE which should remove the error message from the status bar. Please see the last section of https://www.netwrix.com/kb/1571